exploitDog

CVE-2023-26146

Опубликовано: 29 сент. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.

Ссылки

https://gist.github.com/dellalibera/c53448135480cbe12257c4b413a90d20
Exploit
https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730766
Exploit
Third Party Advisory
https://gist.github.com/dellalibera/c53448135480cbe12257c4b413a90d20
Exploit
https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730766
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ithewei:libhv:*:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00197

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-f4xh-jq5v-423g

CVSS3: 6.1

github

больше 2 лет назад

All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.

EPSS

Процентиль: 42%

0.00197

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79